When extensions are enabled, ChromeResourceDispatcherHostDelegate sets "x-frame-options: sameorigin" on certain URLs. This seems rather unfortunate, but I assume we're going to need to do the same when the network service is enabled.
Filed b/111435883
Oops...comment #3 was on the wrong bug.
juncai@, can you take a look? thanks!
Do we currently have any tests to cover this case?
It seems that there are not tests for this. Some tests need to added along with the changes.
hey jun, any update? did you find time to write a test?
I am currently working on it.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/9f6250570892d523615cdd4fd4ed052063894921 commit 9f6250570892d523615cdd4fd4ed052063894921 Author: Jun Cai <juncai@chromium.org> Date: Mon Aug 06 22:56:05 2018 Network Service: Update browser test for setting x-frame-options headers to web store requests This CL updates the currently disabled browser tests for setting x-frame-options headers to web store requests. Bug: 852877 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I8e131848a37a8fbf5b9f4bdb53bcbb225440330d Reviewed-on: https://chromium-review.googlesource.com/1155931 Reviewed-by: Reilly Grant <reillyg@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Jun Cai <juncai@chromium.org> Cr-Commit-Position: refs/heads/master@{#581028} [modify] https://crrev.com/9f6250570892d523615cdd4fd4ed052063894921/chrome/browser/extensions/api/webstore_private/webstore_private_apitest.cc [modify] https://crrev.com/9f6250570892d523615cdd4fd4ed052063894921/chrome/test/data/extensions/api_test/webstore_private/noframe.html [modify] https://crrev.com/9f6250570892d523615cdd4fd4ed052063894921/chrome/test/data/extensions/api_test/webstore_private/noframe2.html [modify] https://crrev.com/9f6250570892d523615cdd4fd4ed052063894921/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/2eca816172fb8ab6b9c344d8a50df7cedb9108e3 commit 2eca816172fb8ab6b9c344d8a50df7cedb9108e3 Author: Jun Cai <juncai@chromium.org> Date: Fri Aug 10 00:20:49 2018 Network Service: Add x-frame-options headers support for network service This CL adds x-frame-options headers support for network service. It is similar to what ChromeResourceDispatcherHostDelegate::OnResponseStarted() does which is for the case when network service is not enabled. Bug: 852877 Cq-Include-Trybots: luci.chromium.try:linux_mojo Change-Id: I0a66d6c4f8e91ee05baa00e918480653653b635b Reviewed-on: https://chromium-review.googlesource.com/1157524 Reviewed-by: John Abd-El-Malek <jam@chromium.org> Reviewed-by: Matt Menke <mmenke@chromium.org> Commit-Queue: Jun Cai <juncai@chromium.org> Cr-Commit-Position: refs/heads/master@{#581975} [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/browser/plugins/plugin_response_interceptor_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/common/google_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/common/google_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/common/prerender_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/chrome/common/prerender_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/components/safe_browsing/browser/base_parallel_resource_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/components/safe_browsing/browser/browser_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/components/safe_browsing/browser/browser_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/components/safe_browsing/renderer/renderer_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/components/safe_browsing/renderer/renderer_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/browser/web_package/signed_exchange_cert_fetcher_unittest.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/common/mime_sniffing_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/common/mime_sniffing_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/common/mime_sniffing_throttle_unittest.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/common/throttling_url_loader.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/common/throttling_url_loader_unittest.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/public/common/url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/content/public/common/url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/extensions/renderer/extension_url_loader_throttle.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/extensions/renderer/extension_url_loader_throttle.h [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/extensions/renderer/guest_view/mime_handler_view/mime_handler_view_container.cc [modify] https://crrev.com/2eca816172fb8ab6b9c344d8a50df7cedb9108e3/testing/buildbot/filters/mojo.fyi.network_browser_tests.filter
Comment 1 by jam@chromium.org
, Jul 12